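<?php
/*
 * priv_user.php - global administration page for editing one user account.
 *
 * This opening section loads the shared helpers, starts the page, lets only
 * global administrators continue and resolves the target user id (UID).
 */
include_once("ac_common.php");
include_once("postgres.php");
include_once("debug.php");
include_once("user_menu.php");
html_page_start($_SESSION['g_theme']);
echo_debug('priv_user.php', __LINE__, "entering priv_users");

$rep = DbConnect();
include_once("class_user.php");
$User = new cl_user($rep);
// NOTE(review): Check() is defined in class_user.php; presumably it validates
// the logged-in session and fills $User->admin - confirm there.
$User->Check();

// Authorisation gate: everything below edits accounts and privileges, so a
// caller whose admin flag is not 1 only gets the closed page.
if ($User->admin != 1) {
    html_page_stop();
    return;
}

// UID arrives in the query string (links) or in the form body (save/delete).
if (!isset($_GET['UID']) && !isset($_POST['UID'])) {
    echo_debug('priv_user.php', __LINE__, "UID NOT DEFINED");
    html_page_stop();
    return;
}
$uid = isset($_GET['UID']) ? $_GET['UID'] : $_POST['UID'];
echo_debug('priv_user.php', __LINE__, "UID IS DEFINED");

// The id is concatenated unquoted into SQL further down this file
// (use_id=$uid), so only a plain string of decimal digits is accepted here.
// is_string() also rejects the array form (UID[]=...).
if (!is_string($uid) || !ctype_digit($uid)) {
    echo_debug('priv_user.php', __LINE__, "UID NOT VALID");
    html_page_stop();
    return;
}

// Loose comparison kept on purpose: GetUid() is defined elsewhere and may
// signal "no such user" with false or with an empty result.
$r_UID = GetUid($uid);
if ($r_UID == false) {
    echo_debug('priv_user.php', __LINE__, "UID NOT VALID");
    html_page_stop();
    return;
}
echo_debug('priv_user.php', __LINE__, "UID IS VALID");

echo '<H2 class="info"> Administration Globale</H2>';
echo "<div>" . MenuAdmin() . "</div>";
echo '<DIV>';
echo '<h2>Gestion Utilisateurs</h2>';
?>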
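<?php
/*
 * Apply the requested action before the form is rendered:
 *   - reset_passwd (GET) : put the default password back on the account
 *   - SAVE (POST)        : update identity, flags and per-folder privileges
 *   - DELETE (POST)      : remove the account and its privilege rows
 *
 * Every statement below is built by string concatenation and handed to
 * ExecSql(), so each request value is validated or escaped first.
 */

// use_id is interpolated unquoted into every statement: digits only.
if (!is_scalar($uid) || !ctype_digit((string) $uid)) {
    echo_debug('priv_user.php', __LINE__, "UID NOT VALID");
    html_page_stop();
    return;
}
$uid = (int) $uid;

if (isset($_GET['reset_passwd'])) {
    $cn = DbConnect();
    // NOTE(review): the account is reset to a fixed, well-known default stored
    // as an unsalted MD5 digest, and the action is triggered by a plain GET
    // link without an anti-CSRF token. The hash format has to match the login
    // code, which is not visible here, so it is flagged rather than changed.
    $l_pass = md5('phpcompta');
    $Res = ExecSql($cn, "update ac_users set use_pass='$l_pass' where use_id=$uid");
    echo '<H2 class="info"> Password remis à phpcompta</H2>';
}

if (isset($_POST['SAVE'])) {
    // The id is re-read from the POST body, which may differ from the value
    // checked earlier when a UID is also present in the query string; it gets
    // the same digits-only check before it reaches SQL.
    $posted_uid = isset($_POST['UID']) ? $_POST['UID'] : '';
    if (!is_string($posted_uid) || !ctype_digit($posted_uid)) {
        echo_debug('priv_user.php', __LINE__, "UID NOT VALID");
        html_page_stop();
        return;
    }
    $uid = (int) $posted_uid;
    echo_debug('priv_user.php', __LINE__, "SAVE is set");

    $cn = DbConnect();

    // NOTE(review): assumes DbConnect() returns the PostgreSQL connection that
    // ExecSql() passes to the driver - confirm in postgres.php. If the
    // deployment still runs with magic_quotes_gpc enabled, the inputs arrive
    // pre-slashed and need stripslashes() before this escaping.
    $sql_fname = pg_escape_string($cn, isset($_POST['fname']) ? (string) $_POST['fname'] : '');
    $sql_lname = pg_escape_string($cn, isset($_POST['lname']) ? (string) $_POST['lname'] : '');
    $sql_login = pg_escape_string($cn, isset($_POST['login']) ? (string) $_POST['login'] : '');

    // Both flags are unquoted in the statement; reduce them to 0 or 1.
    $active = (isset($_POST['Actif']) && $_POST['Actif'] === '1') ? 1 : 0;
    $admin = (isset($_POST['Admin']) && $_POST['Admin'] === '1') ? 1 : 0;

    $Sql = "update ac_users set use_first_name='" . $sql_fname . "', use_name='" . $sql_lname . "'"
        . ", use_login='" . $sql_login . "', use_active=" . $active . ", use_admin=" . $admin
        . " where use_id=" . $uid;
    $Res = ExecSql($cn, $Sql);

    // $_POST replaces $HTTP_POST_VARS, which no longer exists in current PHP.
    foreach ($_POST as $name => $elem) {
        $name = (string) $name;
        if (!is_string($elem)) {
            continue;
        }
        echo_debug('priv_user.php', __LINE__, "HTTP_POST_VARS $name $elem");

        // Privilege fields are named PRIV<dos_id>; the prefix must be at the
        // start of the name because the id is cut from offset 4.
        if (strncmp($name, 'PRIV', 4) !== 0) {
            continue;
        }
        echo_debug('priv_user.php', __LINE__, "Found a priv");

        $db_id = (string) substr($name, 4);
        // The folder id lands unquoted in SQL and the privilege code inside
        // quotes: accept digits for the former and only the three values the
        // form can submit for the latter.
        if (!ctype_digit($db_id) || !in_array($elem, array('NO', 'W', 'R'), true)) {
            echo_debug('priv_user.php', __LINE__, "Rejected priv field");
            continue;
        }
        $db_id = (int) $db_id;

        if (ExisteJnt($db_id, $uid) != 1) {
            $Res = ExecSql($cn, "insert into jnt_use_dos(dos_id,use_id) values(" . $db_id . "," . $uid . ")");
        }
        // $jnt comes from GetJnt(), defined elsewhere, not from the request.
        $jnt = GetJnt($db_id, $uid);
        if (ExistePriv($jnt) > 0) {
            $Res = ExecSql($cn, "update priv_user set priv_priv='" . $elem . "' where priv_jnt=" . $jnt);
        } else {
            $Res = ExecSql($cn, "insert into priv_user(priv_jnt,priv_priv) values (" . $jnt . ",'" . $elem . "')");
        }
    }
} elseif (isset($_POST['DELETE'])) {
    // Read the button from $_POST: the bare $DELETE variable only existed with
    // register_globals, and the form submits with METHOD="POST".
    $cn = DbConnect();
    $Res = ExecSql($cn, "delete from priv_user where priv_jnt in ( select jnt_id from jnt_use_dos where use_id=" . $uid . ")");
    $Res = ExecSql($cn, "delete from jnt_use_dos where use_id=" . $uid);
    $Res = ExecSql($cn, "delete from ac_users where use_id=" . $uid);

    // The confirmation echoes request values, so escape them for HTML.
    // ISO-8859-1 makes htmlspecialchars() work byte-wise on the ASCII
    // metacharacters, so it never blanks a string over its encoding.
    $shown = array();
    foreach (array('fname', 'lname', 'login') as $field) {
        $shown[$field] = htmlspecialchars(
            isset($_POST[$field]) ? (string) $_POST[$field] : '',
            ENT_QUOTES,
            'ISO-8859-1'
        );
    }
    echo "<center><H2 class=\"info\"> User {$shown['fname']} {$shown['lname']} ({$shown['login']}) is deleted </H2></CENTER>";
    html_page_stop();
    return;
}

// Reload the row so the form below shows what is now stored.
$r_UID = GetUid($uid);
?>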
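<FORM ACTION="priv_user.php" METHOD="POST">
<?php
/*
 * Identity part of the edit form: hidden UID, first name, name, login and the
 * password-reset link.
 *
 * Every value is escaped for the attribute it is printed into: $uid comes from
 * the request and the names come from the ac_users row, which earlier
 * submissions of this form filled in. ISO-8859-1 makes htmlspecialchars() work
 * byte-wise on the ASCII metacharacters, so it never blanks a string over its
 * encoding.
 *
 * NOTE(review): the form changes accounts, the admin flag and privileges
 * without an anti-CSRF token, and the reset link acts on a plain GET request.
 */
printf(
    '<INPUT TYPE=HIDDEN NAME=UID VALUE="%s">',
    htmlspecialchars((string) $uid, ENT_QUOTES, 'ISO-8859-1')
);
?>
<TABLE BORDER=0>
<TR><TD>
<?php printf('First name <INPUT type="text" NAME="fname" value="%s"> ', htmlspecialchars((string) $r_UID[0]['use_first_name'], ENT_QUOTES, 'ISO-8859-1')); ?>
</TD><TD>
<?php printf('Name <INPUT type="text" NAME="lname" value="%s"> ', htmlspecialchars((string) $r_UID[0]['use_name'], ENT_QUOTES, 'ISO-8859-1')); ?>
</TD>
</TR><TR>
<TD>
<?php printf('login <INPUT type="text" NAME="login" value="%s">', htmlspecialchars((string) $r_UID[0]['use_login'], ENT_QUOTES, 'ISO-8859-1')); ?>
</TD>
<TD class="mtitle">
<?php
// urlencode() output is limited to characters that are safe inside the
// quoted HREF attribute as well as in the query string.
printf('<A class="mtitle" HREF="priv_user.php?reset_passwd&UID=%s">Reset Password</A>', urlencode((string) $uid));
?>
</TD>
</TR>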
<TR><TD>
<TABLE>
<?php
// Account status: tick the radio button that matches the stored use_active
// flag (1 = active, anything else = not active).
$ACT = ($r_UID[0]['use_active'] == 1) ? "CHECKED" : "UNCHECKED";
$NACT = ($ACT === "CHECKED") ? "UNCHECKED" : "CHECKED";

echo "<TR><TD>"
    . sprintf('<INPUT type="RADIO" NAME="Actif" VALUE="1" %s> Actif', $ACT)
    . "</TD><TD>"
    . sprintf('<INPUT type="RADIO" NAME="Actif" VALUE="0" %s> Non Actif', $NACT)
    . "</TD></TR>";
?>
</TABLE>
</TD>
<TD>
<TABLE>
<?php
// Role: tick "Administrator" when the stored use_admin flag is 1, otherwise
// "Normal user". This flag is what the page's own access check reads.
$ACT = ($r_UID[0]['use_admin'] == 1) ? "CHECKED" : "UNCHECKED";
$NACT = ($ACT === "CHECKED") ? "UNCHECKED" : "CHECKED";

echo "<TR><TD>"
    . sprintf('<INPUT type="RADIO" NAME="Admin" VALUE="1" %s> Administrator', $ACT)
    . "</TD><TD>"
    . sprintf('<INPUT type="RADIO" NAME="Admin" VALUE="0" %s> Normal user', $NACT)
    . "</TD></TR>";
?>
</TABLE>
</TD>
</TR>
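<TR>
<TD>
<!-- Show all database and rights -->
<H2 class="info"> Droit par défaut </H2>
<TABLE>
<?php
/*
 * One row per folder returned by ShowDossier(), with three radio buttons
 * (No Right / Read-Write / Read) named PRIV<dos_id>; the button matching the
 * stored privilege is pre-selected.
 */
$Dossier = ShowDossier('all', 1, 0);
// The login does not change between folders, so look it up once.
$login_name = GetLogin($uid);

if (is_array($Dossier)) {
    foreach ($Dossier as $rDossier) {
        $NORIGHT = "";
        $Write = "";
        $Read = "";
        echo_debug('priv_user.php', __LINE__, "Dossier : " . $rDossier['dos_id']);

        // Folder name and id come from the database and are printed into HTML
        // text and into an attribute, so escape both. ISO-8859-1 makes
        // htmlspecialchars() work byte-wise on the ASCII metacharacters.
        $dos_id_html = htmlspecialchars((string) $rDossier['dos_id'], ENT_QUOTES, 'ISO-8859-1');
        $dos_name_html = htmlspecialchars((string) $rDossier['dos_name'], ENT_QUOTES, 'ISO-8859-1');

        $priv = GetPriv($rDossier['dos_id'], $login_name);
        // The cell is closed by the "</TD><TD>" that starts the next printf;
        // the original emitted a second, stray </TD> here.
        printf("<TR><TD> Dossier : %s ", $dos_name_html);

        if ($priv == 0) {
            // GetPriv() returned no privilege row for this folder.
            $NORIGHT = "CHECKED";
        } else {
            $stored = $priv[0]['priv_priv'];
            echo_debug('priv_user.php', __LINE__, "Priv = $stored");
            if ($stored == 'W') {
                $Write = "CHECKED";
            } elseif ($stored == 'R') {
                $Read = "CHECKED";
            } elseif ($stored == 'N' || $stored == 'NO') {
                // The form submits "NO" and the save handler stores it as
                // received, so accept it next to the "N" checked originally;
                // otherwise a saved "No Right" shows no button selected.
                $NORIGHT = "CHECKED";
            }
        }

        printf('</TD><TD>No Right<INPUT TYPE="RADIO" NAME="PRIV%s" VALUE="NO" %s>', $dos_id_html, $NORIGHT);
        printf('</TD><TD>Read/Write <INPUT TYPE="RADIO" NAME="PRIV%s" VALUE="W" %s>', $dos_id_html, $Write);
        printf('</TD><TD>Read<INPUT TYPE="RADIO" NAME="PRIV%s" VALUE="R" %s>', $dos_id_html, $Read);
        echo "</TD></TR>";
    }
}
?>
</TABLE>
</TD>
</TR>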
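<TR><TD><input type="Submit" NAME="SAVE" VALUE="Save changes"></TD>
<TD><input type="RESET" NAME="Reset" VALUE="Cancel Change"></TD>
<TD><input type="Submit" NAME="DELETE" VALUE="Delete User"></TD>
</TR>
</TABLE>
</FORM>
</DIV>
<?php
// The table is now closed before the form that contains it; the original
// closed them in the opposite order.
// NOTE(review): "Delete User" submits straight away, and the handler earlier
// in this file removes the account together with its privilege rows; there is
// no confirmation step.
html_page_stop();
?>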